Your message dated Tue, 22 Mar 2022 06:54:16 +0100
with message-id <yjlkiko6ag0yx...@eldamar.lan>
and subject line [ftpmas...@ftp-master.debian.org: Accepted nodejs 12.22.9~dfsg-1 (source) into unstable]
has caused the Debian Bug report #1004177,
regarding nodejs: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1004177: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nodejs
Version: 12.22.7~dfsg-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 12.22.5~dfsg-2~11u1

Hi,

The following vulnerabilities were published for nodejs.

CVE-2021-44531[0]:
| Improper handling of URI Subject Alternative Names

CVE-2021-44532[1]:
| Certificate Verification Bypass via String Injection

CVE-2021-44533[2]:
| Incorrect handling of certificate subject and issuer fields

CVE-2022-21824[3]:
| Prototype pollution via console.table properties

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-44531
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531
[1] https://security-tracker.debian.org/tracker/CVE-2021-44532
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532
[2] https://security-tracker.debian.org/tracker/CVE-2021-44533
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533
[3] https://security-tracker.debian.org/tracker/CVE-2022-21824
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: nodejs
Source-Version: 12.22.9~dfsg-1

This should fix #1004177 and the four open CVEs.

----- Forwarded message from Debian FTP Masters <ftpmas...@ftp-master.debian.org> -----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 27 Jan 2022 13:42:36 +0100
Source: nodejs
Architecture: source
Version: 12.22.9~dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@alioth-lists.debian.net>
Changed-By: Jérémy Lal <kapo...@melix.org>
Changes:
 nodejs (12.22.9~dfsg-1) unstable; urgency=medium
 .
   [ Yadd ]
   * Team upload
   * Add fix for node-js-yaml ≥ 4
   * Clean unneeded versioned dependency constraints
 .
   [ Jérémy Lal ]
   * New upstream version 12.22.9~dfsg
   * Fix make-doc patch for marked 4
   * Depends on libuv >= 1.38.0
   * Apply js-yaml compatibility before make-doc patch

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


----- End forwarded message -----

--- End Message ---
